On Fri, Jan 5, 2018 at 1:44 PM, tor <[email protected]> wrote:
> For relay operators using iptables connlimit to mitigate DoS attacks (or 
> increased load from new clients), is it better for the Tor network to use 
> "DROP" rules, or should we use something like "REJECT --reject-with 
> tcp-reset"?

REJECT is friendlier to clients that are not misbehaving but happen to
be caught in the crossfire, and to the Internet as a whole.

I personally think DROP should only ever be used as a desperation
measure when the DoS load is so high that you can't even afford to
send RSTs.

zw
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
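
The two options discussed in this thread, side by side, as an added example that is not part of the original messages: a small script that emits the connlimit rule in iptables-restore format with either target, so it can be reviewed before loading. The function name, the ORPort 9001 and the limit of 50 connections per source address are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: ORPort 9001 and a
# limit of 50 concurrent connections per IPv4 source address.

# connlimit_rules ACTION [PORT] [LIMIT]   (hypothetical helper name)
#   ACTION is "reject" (answer with a TCP RST) or "drop" (discard silently).
connlimit_rules() {
    action=$1 port=${2:-9001} limit=${3:-50}
    case $action in
        reject) target='REJECT --reject-with tcp-reset' ;;
        drop)   target='DROP' ;;
        *) echo "usage: connlimit_rules reject|drop [port] [limit]" >&2
           return 2 ;;
    esac
    # Refuse anything that is not a plain decimal number.
    case $port$limit in
        ''|*[!0-9]*) echo "port and limit must be numeric" >&2; return 2 ;;
    esac
    # --syn: the rule only matches new connection attempts, so packets of
    # already established connections are never rejected or dropped.
    # --reject-with tcp-reset is only valid together with -p tcp.
    cat <<EOF
*filter
-A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above $limit --connlimit-mask 32 -j $target
COMMIT
EOF
}

# Executed with "reject" or "drop" as first argument: print the ruleset.
case ${1:-} in
    reject|drop) connlimit_rules "$@" ;;
esac
```

The output can be loaded without flushing existing rules by piping it to `iptables-restore --noflush`.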
